Secured network system

ABSTRACT

A secured network system comprising a readykey controller which has a first  card reader and a power relay switch connected thereto. The user of the stem inserts a microchip embedded card into the first card reader which then transmits an authorization signal to the readykey controller. The readykey controller then activates a power relay switch affixed to the computer which connects the computer&#39;s power supply to an external power source activating the computer. The secured network system also has a data relay switch which includes a manual A/B secured network switch. The manual A/B switch allows the user to receive and process classified data, by setting the switch to a predetermined position which connects a secured network server to the computer. The user inserts his proximity card into a second card reader which transmits a second authorization signal to the readykey controller. The readykey controller, responsive to the second authorization signal, activates the data relay switch. Activating the data relay switch connects the secured network switch to the secured network server via the data relay switch which allows for the transmission of classified data between the secured network server and the personal computer.

This application is a continuation-in-part of U.S. patent applicationSer. No. 08/035,409, filed Feb. 10, 1998, U.S. patent application Ser.No. 08/919,180, filed Aug. 15, 1997, now U.S. Pat. No. 5,894,552 andU.S. patent application Ser. No. 08/919,181, filed Aug. 15, 1997, U.S.Pat. No. 5,841,120.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates generally to secured network systems. Moreparticularly, the present invention relates to a secured network systemwhich allows multiple users with proper authorization to accessclassified data provided by a secured network server and unclassifieddata provided by an unsecured network server from their personalcomputer.

2. Description of the Prior Art

In the past computer security for the military services and theintelligence agencies has been provided by a variety of commerciallyavailable computer programs which are adapted for use with a variety ofmicrocomputers such as DOS based operating system personal computers andApple Macintosh personal computers. These computer programs are adaptedto provide access control to a computer's data or the data base of aLocal Area Network that is coupled to the computer.

Computer security programs often reside in the memory of the computer'scentral processing unit. Placing computer security programs in thecomputer's memory slows the computer's processing time because thecomputer must perform repetitive identification and auditing tasksstored in the computer's memory. In addition, conflicts between securitysoftware and the computer operating system or other computer softwareused by the computer may result in the computer crashing which rendersthe computer unusable.

Recently microchip embedded cards or "Smart Cards" have been used withcomputer security software to insure that classified data is notaccessible to an individual who is not authorized to access theclassified data. However, "Smart Cards" also rely on performingauthentication and auditing functions which are stored in the computer'smemory.

Accordingly, there is a need for a secure network system which willallow only authorized individuals to access classified data, but willnot require the use of computer memory to perform authentication andauditing functions associated with the accessing of classified data.

SUMMARY OF THE INVENTION

The present invention overcomes some of the disadvantages of the priorart including those mentioned above in that it comprises a relativelysimple yet highly effective secured network system which will allow onlyan authorized user of the secured network system to access classifieddata.

The secured network system comprising the present invention includes areadykey controller which has connected thereto a first card reader anda power relay switch. The user of the secured network system inserts amicrochip embedded card into the first card reader which then transmitsan authorization signal to the readykey controller indicating that theuser is authorized to use a personal computer and its associatedmonitor. The readykey controller, in response to the authorizationsignal, activates a power relay switch affixed to the computer whichconnects the computer's power supply to an external power sourceallowing the user to receive and process data with the computer.

The secured network system also has a data relay switch which includes amanual A/B secured network switch. The manual A/B switch allows the userto receive and process classified data, by setting the manual A/B switchto a predetermined position which allows a secured network server to beconnected to the computer. The user then inserts his proximity card intoa second card reader which transmits a second authorization signal tothe readykey controller indicating that the user is authorized toreceive and process classified data from the secured network server. Thereadykey controller, responsive to the second authorization signal,activates the data relay switch. Activating the data relay switchconnects the secured network switch to the secured network server viathe data relay switch which allows for the transmission of classifieddata between the secured network server and the personal computer.

The secured network system of the present invention is adapted for usewith two computers. A second power relay switch and a second data relayswitch is provided for the second computer to allow an authorized userof the second computer to receive and processed both classified andunclassified data.

Each power relay switch has a tamper circuit which is connected to thereadykey controller. When an unauthorized user attempts to bypass thepower relay switch to gain access to the computer the impedance of thetamper circuit will change which causes the readykey controller todeactivate the power relay switch and generate an alarm.

Each data relay switch also has a tamper circuit which is connected tothe readykey controller. When an unauthorized user attempts to bypassthe data relay switch to gain access to the computer the impedance ofthe tamper circuit will change which causes the readykey controller tode-activate the data relay switch and generate an alarm.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an lectrical schematic diagram of a secured network systemwhich includes a power relay switch and a data relay switch;

FIG. 2 is an electrical schematic diagram of the power relay switch ofFIG. 1;

FIG. 3 is an electrical schematic diagram of the data relay switch ofFIG. 1; and

FIGS. 4A, 4B and 4C are electrical schematic diagrams of a securednetwork system which includes a power relay switch, a data relay switchand which is adapted for use with plurality of card readers.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring to FIG. 1 there is shown a secured network system 10 whichreceives and processes classified data as well as unclassified data.Secured network system 10 includes a readykey controller 12 which hasconnected thereto a personal computer card reader 14 located adjacent adigital computer 18 and a power relay switch 16 affixed to computer 18.The user of secured network system 10 presents a proximity card which isa microchip embedded card (not illustrated) to card reader 14. Cardreader 14 upon receiving the microchip embedded card and verifying thecard transmits an electrical authorization signal to readykey controller12 indicating that the user is authorized to use digital computer 18 andits associated monitor 20 for receiving and processing classified dataas well as unclassified data.

The readykey controller 12 is also connected to an administrativepersonal computer (not illustrated) which monitors readykey controller12 to keep track of individuals accessing computer 18 and to insure anattempt at unauthorized access of data stored in computer 18 oravailable to computer 18 through a Local Area Network is not made.

Referring now to FIGS. 1, 2 and 4A-4C, readykey controller 12 has fourcontacts RC1, RC2, RC3 and RC4. Readykey controller 12, in response tothe electrical authorization signal from card reader 14, closes itscontact RC1 which allows current from a +12 VDC source to flow throughthe coils of relays 40, 41 and 42 energizing the coil of each relay 40,41 and 42. Energizing the coil of relay 40 closes normally open contact1 of relay 40, energizing the coil of relay 41 closes normally opencontact 1 of relay 41, and energizing the coil of relay 42 opensnormally closed contact 1 of relay 42.

Closing contact 1 of relay 40 and relay 41 connects power line 44 fromterminal M3 of power relay switch 16 through relay 40 to terminal M5 ofswitch 16 and neutral line 46 from terminal M4 of power relay switch 16through relay 40 to terminal M6 of switch 16. Terminal M5 and M6 ofpower relay switch 16 are connected to the power supply for computer 18so that closure of normally open contact 1 of relays 40 and 41 provides120 VAC from an external source to the power supply of computer 18,thereby activating computer 18 which allows the user of computer 18 toreceive and process data. Line 48 provides a ground for computer 18.

Line 50 which connects pin 6, terminal J1 of switch 16 to pin 5,terminal J1 of switch 16 via normally closed contact 1 of relay 42 is astatus or test line. When normally closed contact 1 of relay 42 isclosed a test signal is supplied to readykey controller 12 indicatingthat power relay switch 16 is off and computer 18 is not operational.Opening normally closed contact 1 of relay 42 results in a test signalbeing provided to readykey controller 12 which indicates that powerrelay switch 16 is on and computer 18 is operational.

Power relay switch 16 includes a normally closed tamper switch 22 whichis connected through pins 7 and 8 of terminal J1 of switch 16 toreadykey controller 12. When tamper switch 22 is in a closed position,current flow is through resistor R1 and switch 22 which indicates toreadykey controller 12 that power relay switch 16 is operating normally.Unauthorized tampering or removal of the power relay switch 16 fromcomputer 18 opens tamper switch 22. Opening tamper switch 22 results ina change in impedance (series connected resistors R1 and R2 are now inthe current flow path) which indicates that an unauthorized person hasattempted to bypass power relay switch 16 or remove power relay switch16 from computer 18. Resistor R1 has a value of 2.2 K-ohms and resistorR2 has a value of 4.7 k-ohms.

Referring again to FIG. 1, secured network system 10 includes a datarelay switch 26 which has a manual A/B switch enclosed therein. Themanual A/B switch allows the user of computer 18 to receive unclassifieddata from an unsecured network server 30 and classified data from asecured network server 32. The manual A/B switch used in secured networksystem 10 is fully disclosed in U.S. Pat. No. 5,777,400, "ShieldedComputer Network Switch", which issued on Jul. 7, 1998 to Stephen W.Bouthillier, a co-inventor of the present invention.

When the manual A/B switch of data relay switch 26 is set at a firstposition such that unsecured network server 30 is connected to computer18, the user of computer 18 may receive and process unclassified datafrom unsecured network server 30.

When the user of secured network system 10 needs to receive and processclassified data, the manual A/B switch of data relay switch 26 is set ata second position allowing secured network server 32 to be connected tocomputer 18. The user next inserts his proximity card into a networkcard reader 24 which then transmits an electrical authorization signalto readykey controller 12 indicating that the user is authorized toreceive and process classified data from secured network server 32.Readykey controller 12, responsive to the authorization signal fromnetwork card reader 24 enables data relay switch 26. Enabling data relayswitch 26 connects secured network server 32 to computer 18 through datarelay switch 26 and the manual A/B switch enclosed therein.

Referring to FIGS. 1, 3 and 4A-4C there is shown in FIG. 3 a detailedelectrical schematic diagram of data relay switch 26. Data relay switch26 includes three relays 60, 62 and 64 which allow a computer to beconnected to secured network server 32.

Secured network server 32 is connected to computer 18 through relays 60,62 and 64 of data relay switch 26. Readykey controller 12, in responseto the electrical authorization signal from card reader 24, closes itscontact RC2 which allows current from +12 VDC source to flow through thecoils of relays 60, 62 and 64 energizing the coil of each relay 60, 62and 64. Energizing the coil of relay 62 closes normally open contacts 1and 2 of relay 62, energizing the coil of relay 64 closes normally opencontacts 1 and 2 of relay 64, and energizing the coil of relay 60 opensnormally closed contact 1 of relay 60. Closing the normally opencontacts 1 and 2 of each relay 62 and 64 completes a data path for thefour classified data lines 66 between secured network server 32 andcomputer 18 allowing for the transfer of classified data between securednetwork server 32 and computer 18.

Data relay switch 26 also has a status or test line 68 which indicatesthe status of the data path or the four data lines 66 between securednetwork server 32 and computer 18. When the coil of relay 60 isde-energized, normally closed contact 1 of relay 60 is closed sending atest signal to readykey controller 12 via status line 68 which indicatesto readykey controller 12 that the data path between secured networkserver 32 and computer 18 is inactive. Energizing the coil of relay 60opens normally closed contact 1 of relay 60 which indicates to readykeycontroller 12 that the data path between secured network server 32 andcomputer 18 is active and classified data may be transferred over thefour data lines 66.

Data relay switch 26 also has a normally closed tamper switch 70 whichis connected through pins 7 and 8 of terminal J2 of data relay switch 26to readykey controller 12. When tamper switch 70 is in a closedposition, current flow is through resistor R3 and switch 70 whichindicates to readykey controller 12 that data relay switch 26 coupled tocomputer 18 is operating normally. Unauthorized tampering of data relayswitch 26 opens tamper switch 70. Opening tamper switch 70 results in achange in impedance (series connected resistors R3 and R4 are now in thecurrent flow path) which indicates that an unauthorized person hastampered with data relay switch 26. Resistor R3 has a value of 2.2K-ohms and resistor R4 has a value of 4.7 k-ohms.

At this time it should be noted that readykey controller 12 includes analarm event manager module 13 which significantly increases the inputsand outputs of readykey controller 12. The readykey controller 12 usedin the preferred embodiment of the present invention is a Model No.K2100 Readykey Controller commercially available from RadionicsCorporation of Salinas, Calif. Module 13 is a Model K2015A Alarm EventManager Module also commercially available from Radionics Corporation.Personal Computer card reader 14 is a Readykey K2003 Touchfree proximityreader and network card reader 24 is a Readykey K2001 Touchfreeproximity reader also commercially available from Radionics of Salinas,Calif.

The power relay switch 16 used in the preferred embodiment of thepresent invention is a Model No. 101022 SecureSwitch Power Relay Switchcommercially available from Market Central Inc. of Pittsburgh, Pa. Thedata relay switch 26 which has a manual A/B switch enclosed therein is aModel No. 101021 SecureSwitch Data Relay Switch, also commerciallyavailable from Market Central, Inc.

Referring to FIGS. 1, 2 and 4A-4C, whenever an unauthorized persontampers with power relay switch 16, module 13 of readykey controller 12will sense a change in impedance within the R1, R2 resistor seriescircuit of switch 16 via a ZONE 1 IN line. ZONE 1 IN line connectsmodule 13 to power relay switch 16 of secured network system 10.

Readykey controller has six normally closed tamper switch relay contactsTSRC1, TSRC2, TSRC4, TSRC5, TSRC7 and TSRC8 and two normally open tamperswitch relay contacts TSRC3 and TSRC6.

Readykey controller 12, responsive to this change in impedance, opensits normally closed contact TSRC1 which de-energizes relays 40 and 41 ofpower relay switch 16. De-energizing relays 40 and 41 opens contact 1 ofrelay 40 and contact 1 of relay 42 which disconnects 120 VAC from theexternal source to the power supply of computer 18 de-activatingcomputer 18.

Referring to FIGS. 1, 3 and 4A-4C, whenever an unauthorized persontampers with data relay switch 26, module 13 of readykey controller 12will sense a change in impedance within the R3, R4 resistor seriescircuit of switch 26 via a ZONE 2 IN line. ZONE 2 IN line connectsmodule 13 to data relay switch 26 of secured network system 10.

Readykey controller 12, responsive to this change in impedance, opensits normally closed contact TSRC2 which de-energizes relays 62 and 64 ofdata relay switch 26. De-energizing relays 62 and 64 opens contacts 1and 2 of relay 62 and contacts 1 and 2 of relay 64 which disconnects thefour classified data lines 66 between secured network server 32 andcomputer 18. Disconnecting the four classified data lines 66 preventsthe transfer of classified data between secured network server 32 andcomputer 18.

Opening contact TSRC2 also de-energizes relay 60 closing contact 1 ofrelay 60 which results in a test signal being sent to readykeycontroller 12 via status line 68 indicating to readykey controller 12that the data path between secured network server 32 and computer 18 isnow inactive.

Module 13 of readykey controller 12 also has an impedance matchingcircuit 80. Impedance matching circuit 80 includes series connectedresistor R5 and R6 and readykey controller contact TSRC7 which isconnected parallel to resistor R6. Impedance matching circuit 80 alsoincludes series connected resistor R7 and R8 and readykey controllercontact TSRC8 which is connected parallel to resistor R8. Resistors R5and R7 each have a value of 2.2 K-ohms while resistors R6 and R8 eachhave a value of 4.7 K-ohms.

Impedance matching circuit 80 is used by readykey controller 12 as acomparison circuit to compare the impedance values provided by powerrelay switch 16 and data relay switch 26 with the expected valuesprovided by impedance matching circuit 80. Readykey controller 12 maythen determine whether an unauthorized person is tampering with eitherpower relay switch 16 or data relay switch 26.

Each card reader 14, 24, 84 and 86 has red and green light emittingdiodes (not illustrated). The red light emitting diode indicates thecard reader 14, 24, 84 or 86 is powered on but authorized access has notbeen granted.

The VCA terminal of card reader 24 is connected through diode D2,contact RC2 and contact TSRC2 to ground. When readykey controller 12closes contact RC2 the current path from card reader 24 to ground iscomplete which activates the green light emitting diode of card reader24. Activating the green light emitting diode of card reader 24indicates that data channel associated with card reader 24 is enabled.

Referring to FIGS. 1 and 4A-4C, secured network system 10 is adapted foruse with two personal computers. System 10 includes a second personalcomputer card reader 84 located adjacent the second personal computer(not illustrated). System 10 also includes a second network card reader86 positioned adjacent the data relay switch for the second computer.

The user of secured network system 10 may present a proximity card tocard reader 84. When card reader 84 verifies that the user is authorizedto use the second computer and the monitor associated with card reader84, readykey controller 12 will activate the power relay switch for thesecond computer. In a like manner, the data relay switch for the secondcomputer is activated when an authorized user presents a proximity cardto card reader 86 which allows the user of the second computer toreceive and process classified data as well as unclassified data.

Since the power relay switch for the second personal computer operatesin exactly the same manner as the power relay switch illustrated in FIG.2, and the data relay switch for the second personal computer operatesin exactly the same manner as the data relay switch illustrated in FIG.3, a detailed description of their operation will not be provided.

From the foregoing, it may readily be seen that the present inventioncomprises a new, unique and exceedingly useful secured network systemfor receiving and processing classified and unclassified data whichconstitutes a considerable improvement over the known prior art.Obviously, many modifications and variations of the present inventionare possible in light of the above teachings. It is, therefore to beunderstood that within the scope of the appended claims that theinvention may be practiced otherwise than as specifically described.

What is claimed is:
 1. A secured network system comprising:a dataprocessor for receiving and processing unclassified data; a personalcomputer card reader located in proximity to said data processor; saidpersonal computer card reader being adapted to receive a microchipembedded card, said personal computer card reader providing anauthorization signal whenever said microchip embedded card is presentedto and authenticated by said personal computer card reader; a powerrelay switch connected to said data processor; a controller connected tosaid power relay switch, said controller being connected to saidpersonal computer card reader to receive said authorization signal fromsaid personal computer card reader; said controller, responsive to saidauthorization signal, activating said power relay switch; said powerrelay switch when activated coupling said data processor to an externalpower supply to enable said data processor allowing said data processorto receive and process said unclassified data; said power relay switchhaving a normally closed tamper switch coupled to said data processorand said controller; and said controller monitoring said normally closedtamper switch to detect when said normally closed tamper switch isopened which indicates that an unauthorized user of said secured networksystem is attempting to bypass said power relay switch.
 2. The securednetwork system of claim 1 wherein said data processor comprises adigital computer.
 3. The secured network system of claim 1 wherein saidpower relay switch comprises:a first relay having a coil connected tosaid controller and a normally open contact, the normally open contactof said first relay having a first terminal connected to said externalpower supply and a second terminal connected to said data processor; asecond relay having a coil connected to said controller and a normallyopen contact, the normally open contact of said second relay having afirst terminal connected to said external power supply and a secondterminal connected to said data processor; said controller, responsiveto said authorization signal, energizing the coil of said first relayand the coil of said second relay to close the normally open contact ofsaid first relay and the normally open contact of said second relay. 4.The secured network system of claim 3 wherein said power relay switchfurther comprises a third relay having a coil and a normally closedcontact, the coil of said third relay and the normally closed contact ofsaid third relay being connected to said controller.
 5. The securednetwork system of claim 1 further comprising:a first resistor having afirst terminal connected to said controller and a second terminalconnected to a first terminal of said normally closed tamper switch; asecond resistor having a first terminal connected to the second terminalof said first resistor and a second terminal connected to a secondterminal of said normally closed tamper switch; and the second terminalof said normally closed tamper switch being connected to saidcontroller.
 6. The secured network system of claim 5 wherein said firstresistor comprises a 2.2 k-ohm resistor and said second resistorcomprises a 4.7 k-ohm resistor.
 7. A secured network system comprising:adata processor for receiving and processing classified data; a personalcomputer card reader located in proximity to said data processor; saidpersonal computer card reader being adapted to receive a microchipembedded card, said personal computer card reader providing a firstauthorization signal whenever said microchip embedded card is presentedto and authenticated by said personal computer card reader; a powerrelay switch connected to said data processor; a controller connected tosaid power relay switch, said controller being connected to saidpersonal computer card reader to receive said first authorization signalfrom said personal computer card reader; said controller, responsive tosaid first authorization signal, activating said power relay switch;said power relay switch when activated coupling said data processor toan external power supply to enable said data processor allowing saiddata processor to receive and process said classified data; said powerrelay switch having a normally closed tamper switch coupled to said dataprocessor and said controller; said controller monitoring the normallyclosed tamper switch of said power relay switch to detect when thenormally closed tamper switch of said power relay switch is opened whichindicates that an unauthorized user of said secured network system isattempting to bypass said power relay switch; a data relay switchconnected to said data processor, said data relay switch being connectedto a classified network server which generates said classified data; anetwork card reader connected to said controller, said network cardreader being adapted to receive said microchip embedded card, saidnetwork card reader providing a second authorization signal wheneversaid microchip embedded card is presented to and authenticated by saidnetwork card reader, said controller receiving said second authorizationsignal from said network card reader; said controller, responsive tosaid second authorization signal, enabling said data relay switch toprovide for a data transfer of said classified data from said classifiednetwork server through said data relay switch to said data processorallowing an authorized user of said secure network system to processsaid classified data with said data processor; said data relay switchincluding a normally closed tamper switch connected to said controller;and said controller monitoring the normally closed tamper switch of saiddata relay switch to detect when the normally closed tamper switch ofsaid data relay switch is opened which indicates that an unauthorizeduser of said secured network system is attempting to bypass said datarelay switch.
 8. The secured network system of claim 7 wherein said dataprocessor comprises a digital computer.
 9. The secured network system ofclaim 7 wherein said power relay switch comprises:a first relay having acoil connected to said controller and a normally open contact, thenormally open contact of said first relay having a first terminalconnected to said external power supply and a second terminal connectedto said data processor; a second relay having a coil connected to saidcontroller and a normally open contact, the normally open contact ofsaid second relay having a first terminal connected to said externalpower supply and a second terminal connected to said data processor; andsaid controller, responsive to said authorization signal, energizing thecoil of said first relay and the coil of said second relay to close thenormally open contact of said first relay and the normally open contactof said second relay.
 10. The secured network system of claim 9 whereinsaid power relay switch further comprises a third relay having a coiland a normally closed contact, the coil of said third relay and thenormally closed contact of said third relay being connected to saidcontroller.
 11. The secured network system of claim 7 furthercomprising:a first resistor having a first terminal connected to saidcontroller and a second terminal connected to a first terminal of thenormally closed tamper switch of said power relay switch; a secondresistor having a first terminal connected to the second terminal ofsaid first resistor and a second terminal connected to the firstterminal of the normally closed tamper switch of said power relayswitch; and the second terminal of the normally closed tamper switch ofsaid power relay switch being connected to said controller.
 12. Thesecured network system of claim 11 wherein said first resistor comprisesa 2.2 k-ohm resistor and said second resistor comprises a 4.7 k-ohmresistor.
 13. The secured network system of claim 11 furthercomprising:a third resistor having a first terminal connected to saidcontroller and a second terminal connected to a first terminal of thenormally closed tamper switch of said data relay switch; a fourthresistor having a first terminal connected to the second terminal ofsaid third resistor and a second terminal connected to a second terminalof the normally closed tamper switch of said data relay switch; and thesecond terminal of the normally closed tamper switch of said data relayswitch being connected to said controller.
 14. The secured networksystem of claim 13 wherein said third resistor comprises a 2.2 k-ohmresistor and said fourth resistor comprises a 4.7 k-ohm resistor.